Revision as of 07:42, 30 July 2021 (view source) Josef.Noll (Talk | contribs) (→‎Check Log file) ← Older edit		Latest revision as of 18:48, 14 October 2022 (view source) Josef.Noll (Talk | contribs)
(2 intermediate revisions by the same user not shown)
Line 33:		Line 33:
	IP = Hotspot		IP = Hotspot
−	</pre>	+	</pre> ERROR· no connection to its-wiki.no
−		+
−		+
−	ERROR· no connection to its-wiki.no	+
	<pre>		<pre>
	Reason: https://yeboo.com is blocked (local raspberry Pi)		Reason: https://yeboo.com is blocked (local raspberry Pi)
Line 42:		Line 39:
	</pre>		</pre>
−	{{Large|'''Use the configuration steps on http://owncloud.basicinternet.org'''}}
−
−	= Steps =
−	== 1. Connect the wAP ==
−	*Connect the LNCC (RDB52G) to a network on Port 1 (not necessary for the first steps)
−	*Connect the Mac/PC to the LNCC wifi network that will appear on your network list looks like MikroTik-28FBFB
−	** ''Alternative: Connect the Mac/PC to port 2 of the LNCC''
−
−	== 2. Open Winbox4Mac ==
−	*Go to neighbours connect to the device appears
−	*If no one appears click refresh then it will come up
−	*Then there is an automatic message will come up choose (Remove configuration)
−	*Go to System=> reset-configuration no-default=>yes
−	*Automatically, you will be logged out
−	== 3. Connect the LNCC to the Mac ==
−	*Go to neighbours connect to the device appears
−	*If no one appears click refresh then it will come up
−	* If it doesn't work unconnected the LNCC
−	*Usually, it won't connect if you use a limited and strict network that you should change to another network to give you the ability to share the network with the Mikrotik device
−	* go to network preferences and choose USB10/...00LAN
−	*Go to the sharing folder in the setting and open sharing
−	== 4. Open Winbox4Mac ==
−	*After connecting go to IP => DHCP client => click on (+) on the top to the left
−	* Go to interface and select (ether 1) => apply => OK
−	*A table will appear and show Interface (ether1), Use P... (Yes), Add D... (Yes), IP Address (....numbers...), Expire After (...time...), & Status (bound)
−	== 5. Go to system ==
−	* Choose packages => check for updates => Download&Install
−	* Down the box you will get the message Download and rebooting
−
−	**There are two options from this step to finalise the configuration. Both are explained in 6 and 7
−
−	== 6. First method ==
−	== Go to files ==
−	*Upload three certificate files those will be found one OwnCloud=> Certificate8 directory, contains bif_client_tz8.crt,key,csrr ( 3 files 1. Ca.crt 2. Client1.crt 3.client1.key)
−	* The certificate file should be uploaded in the winbox=> file=> file list=> flash directory
−	* Go to file list and import the suitable configuration file (RB921) from OwnCloud => BasicInternet => Technology => Mikrotik => Tanzania_backups => the file name
−	*Take the file to the window File list and there will appear with the other two folders flash & flash/skins
−	*Take the file another time and this time put it within the flash/skin folder to be imported in it also
−
−	== Go to New Terminal ==
−	*On the end of the page write the command (import the file you imported's name)
−	*Press enter and wait for a few seconds
−	* It should give you a message that the file is loaded and executed successfully
−
−	== 7. Second method ==
−	== Go to files ==
−	* Upload the certificates files from Owncloud (bif_client_tz8.crt,key,csrr)
−
−	== Go to New Terminal ==
−	* copy the following command lines and paste them into the terminal and press "Enter" key
−	/interface bridge
−	add comment="Bridge to distribute hotspot" fast-forward=no name=\
−	Hotspot_Bridge
−	/interface wireless
−	set [ find default-name=wlan1 ] disabled=no mode=ap-bridge radio-name=\
−	BasicInternet_AP ssid=BasicInternet
−	set [ find default-name=wlan2 ] disabled=no mode=ap-bridge radio-name=\
−	BasicInternet_AP ssid=BasicInternet
−	/interface list
−	add comment=defconf name=WAN
−	add comment=defconf name=LAN
−	/interface wireless security-profiles
−	set [ find default=yes ] supplicant-identity=MikroTik
−	/ip hotspot profile
−	set [ find default=yes ] dns-name=access.basicinternet.org hotspot-address=\
−	10.5.50.1 html-directory=flash/BI_hotspot login-by=http-chap name=\
−	BS_Hotspot_Profile use-radius=yes
−	/ip hotspot user profile
−	set [ find default=yes ] session-timeout=1h shared-users=unlimited
−	/ip pool
−	add comment="Hotspot pool" name=HSPool ranges=10.5.50.10-10.5.50.254
−	add name=PoolEther2 ranges=192.168.60.10-192.168.60.20
−	/ip dhcp-server
−	add add-arp=yes address-pool=HSPool disabled=no interface=Hotspot_Bridge \
−	name=HSDHCP
−	add address-pool=PoolEther2 disabled=no interface=ether2 name=server1
−	/ip hotspot
−	add address-pool=HSPool addresses-per-mac=1 disabled=no idle-timeout=none \
−	interface=Hotspot_Bridge name=server1
−
−	* copy the following command line and paste it into the terminal and press "Enter" key
−	/certificate import file-name=ca.crt
−
−	Then you will be asked for the password below
−	b1fcl13nt1
−
−
−	* copy the following command line and paste it into the terminal and press "Enter" key
−	/certificate import file-name=client1.crt
−
−	Then you will be asked for the password below
−	b1fcl13nt1
−
−	* copy the following command line and paste it into the terminal and press "Enter" key
−	/certificate import file-name=client1.key
−
−	Then you will be asked for the password below
−	b1fcl13nt1
−
−	* copy the following command lines and paste it into the terminal and press "Enter" key
−	/interface sstp-client
−	add authentication=mschap2 certificate=bif_client_tz7.crt_0 connect-to=\
−	maincorerouter.basicinternet.org disabled=no name=sstp-tanzania password=\
−	t4nz4n14s3v3n profile=default-encryption user=sstptanzania7
−
−	/interface bridge port
−	add bridge=Hotspot_Bridge interface=ether4
−	add bridge=Hotspot_Bridge interface=ether5
−	add bridge=Hotspot_Bridge interface=wlan1
−	add bridge=Hotspot_Bridge interface=wlan2
−	add bridge=Hotspot_Bridge interface=ether3
−	/ip neighbor discovery-settings
−	set discover-interface-list=LAN
−	/interface list member
−	add comment=Hotspot interface=Hotspot_Bridge list=LAN
−	add comment=Internet interface=ether1 list=WAN
−	/ip address
−	add address=10.5.50.1/24 comment="IP address for Hotspot bridge" interface=\
−	Hotspot_Bridge network=10.5.50.0
−	add address=192.168.60.1/24 interface=ether2 network=192.168.60.0
−	/ip dhcp-client
−	add comment=Internet dhcp-options=hostname,clientid disabled=no interface=\
−	ether1
−	/ip dhcp-server network
−	add address=10.5.50.0/24 comment="Hotspot pool" gateway=10.5.50.1
−	add address=192.168.60.0/24 gateway=192.168.60.1
−	/ip dns
−	set allow-remote-requests=yes
−
−	/ip firewall filter
−	add action=passthrough chain=unused-hs-chain comment=\
−	"place hotspot rules here" disabled=yes
−	add action=drop chain=input disabled=yes in-interface=sstp-tanzania
−	/ip firewall nat
−	add action=passthrough chain=unused-hs-chain comment=\
−	"place hotspot rules here" disabled=yes
−	add action=passthrough chain=unused-hs-chain comment=\
−	"place hotspot rules here" disabled=yes
−
−	/ip firewall nat add action=masquerade chain=srcnat out-interface=*9
−	/ip hotspot walled-garden
−	add action=deny dst-host=*porn* server=server1
−	add dst-host=login.muftwifi.com server=server1
−	add dst-host=*mitu.or.tz server=server1
−	add dst-host=*healthresearchweb.org server=server1
−	add dst-host=*TrygtSvangerskap.no server=server1
−	add dst-host=*tanzania.go.tz server=server1
−	add dst-host=*wdr.de server=server1
−	add dst-host=*google.co.tz server=server1
−	add dst-host=*google.com server=server1
−	add dst-host=*yeboo.com server=server1
−	add dst-host=*moh.go.tz server=server1
−	add dst-host=*.go.tz server=server1
−	add dst-host=*nimr.or.tz server=server1
−	add dst-host=*sua.ac.tz server=server1
−	add dst-host=*mnh.or.tz server=server1
−	add dst-host=*mzrh.go.tz server=server1
−	add dst-host=*msd.go.tz server=server1
−	add dst-host=*tfda.go.tz server=server1
−	add dst-host=*nbs.go.tz server=server1
−	add dst-host=*nbts.go.tz server=server1
−	add dst-host=*ntlp.go.tz server=server1
−	add dst-host=*thps.or.tz server=server1
−	add dst-host=*nacp.go.tz server=server1
−	add dst-host=*apt.or.tz server=server1
−	add dst-host=*bugandomedicalcentre.go.tz server=server1
−	add dst-host=*ccbrt.or.tz server=server1
−	add dst-host=*edu.tz server=server1
−	add dst-host=*who.int server=server1
−	add dst-host=*.int server=server1
−	add dst-host=*unicef.org server=server1
−	add dst-host=*nhif.or.tz server=server1
−	add dst-host=*mcdgc.co.tz server=server1
−	add dst-host=*ac.tz server=server1
−	add dst-host=*imis.tfda.go.tz server=server1
−	add dst-host=*hmisportal.moh.go.tz server=server1
−	add dst-host=*ammehjelp.no server=server1
−	add dst-host=*domene.shop server=server1
−	add dst-host=*helsenorge.no server=server1
−	add dst-host=*helsedirektoratet.no server=server1
−	add dst-host=*matportalen.no server=server1
−	add dst-host=*dinutvei.no server=server1
−	add dst-host=*rustelefonen.no server=server1
−	add dst-host=*slutta.no server=server1
−	add dst-host=*tryggmammamedisin.no server=server1
−	add dst-host=*hioa.no server=server1
−	add dst-host=*uio.no server=server1
−	add dst-host=*ous.no server=server1
−	add dst-host=*ruter.no server=server1
−	add dst-host=*yr.no server=server1
−	add dst-host=*unik.no server=server1
−	add dst-host=*digicert.com server=server1
−	add dst-host=*opera-mini.net server=server1
−	add dst-host=*gravidpluss.no server=server1
−	add dst-host=*gravidpluss.org server=server1
−	add dst-host=*norad.no server=server1
−	add dst-host=*digi.futurecompetence.net server=server1
−	add dst-host=*basicinternet.no server=server1
−	add dst-host=*basicinternet.org server=server1
−	add dst-host=*its-wiki.no server=server1
−	add dst-host=*wikipedia.org server=server1
−	add dst-host=*sustainabledevelopment.un.org server=server1
−	add dst-host=*facebook.com server=server1
−	add dst-host=free.facebook.com server=server1
−	add dst-host=*amazon.com server=server1
−	add dst-host=*akadns* server=server1
−	add dst-host=*akamai* server=server1
−	add dst-host=*un.org server=server1
−	add dst-host=*whatsapp.net server=server1
−	add dst-host=*apple.com server=server1
−	add dst-host=*google.no server=server1
−	add dst-host=*gstatic.com server=server1
−	add dst-host=*google.com server=server1
−	add dst-host=*googleusercontent.com server=server1
−	add dst-host=*gvt1.com server=server1
−	add dst-host=*bing.com server=server1
−	add dst-host=*who.int server=server1
−	/ip hotspot walled-garden ip
−	add action=accept disabled=no dst-address=52.88.179.209 !dst-address-list \
−	!dst-port !protocol server=server1 !src-address !src-address-list
−
−	/ip route add dst-address=192.168.111.10 gateway=172.29.0.1
−
−	/ip route
−	add distance=1 dst-address=192.168.111.10/32 gateway=sstp-tanzania
−
−	/ip service
−	set telnet disabled=yes
−	set ftp disabled=yes
−	set www disabled=yes
−	set api disabled=yes
−	set winbox address=192.168.60.0/24
−	set api-ssl disabled=yes
−	/ip ssh
−	set allow-none-crypto=yes
−	/radius
−	add address=193.156.3.235 secret=basicinternet service=hotspot
−	/system clock
−	set time-zone-name=Europe/Oslo
−	/system identity
−	set name=BasicInternet_Core_Mali
−	/system scheduler
−	add interval=1d name=statusticJob on-event=Statistic policy=\
−	read,write,policy,test start-date=mar/29/2019 start-time=00:05:00
−	add interval=1d name=WhitelistUpdate_job on-event=WhiteList_Update policy=\
−	read,write,policy,test start-date=sep/15/2018 start-time=00:05:00
−	/system script
−	add dont-require-permissions=no name=WhiteList_Update owner=\
−	admin@BasicInternet policy=read,write,policy,test source="#Download a file\
−	\_with whitelisted website and add to hotspot walled-garden\r\
−	\n#File should be in form of:server_name,destination_host,action,optional_\
−	destination_port\r\
−	\n/tool fetch mode=https user=\"TEST_BI\" password=\"90838066\" url=\"http\
−	s://owncloud.basicinternet.org/remote.php/webdav/Device/hapAC-Mali.txt\"\r\
−	\n:if ( [:len hapAC-Mali.txt] != [:len LastWhitelist.txt] ) do={\r\
−	\n\r\
−	\n#remove Hotspot walled-garden entries\r\
−	\n:foreach ENTRY in=[/ip hotspot walled-garden find] do={\r\
−	\n/ip hotspot walled-garden remove number=\$ENTRY\r\
−	\n}\r\
−	\n#Add downloaded whitelist to Hotspot whitelist\r\
−	\n#Read the file contents\r\
−	\n:global content [/file get hapAC-Mali.txt contents]\r\
−	\n:global contentLen [ :len \$content ]\r\
−	\n:global lineEnd 0\r\
−	\n:global line \"\"\r\
−	\n:global lastEnd 0\r\
−	\n\r\
−	\n:do {\r\
−	\n#Determine end of line by newline charachter\r\
−	\n:set lineEnd [:find \$content \"\\r\\n\" \$lastEnd ]\r\
−	\n:set line [:pick \$content \$lastEnd \$lineEnd]\r\
−	\n:set lastEnd ( \$lineEnd + 2 )\r\
−	\n#Convert string to array\r\
−	\n:local tmpArray [:toarray \$line] \r\
−	\n:if ( [:pick \$tmpArray 0] != \"\" ) do={\r\
−	\n#Add rule to Hotspot walled-garden\r\
−	\n/ip hotspot walled-garden add server=\"server1\" dst-host=[:pick \$tmpAr\
−	ray 0] dst-port=[:pick \$tmpArray 2] action=[:pick \$tmpArray 1]\r\
−	\n}\r\
−	\n} while (\$lineEnd < (\$contentLen - 2))\r\
−	\n\r\
−	\n\r\
−	\n/tool fetch mode=https user=\"TEST_BI\" password=\"90838066\" url=\"http\
−	s://owncloud.basicinternet.org/remote.php/webdav/Device/hapAC-Mali.txt\" d\
−	st-path=\"LastWhitelist.txt\"\r\
−	\n\r\
−	\n}"
−	add dont-require-permissions=no name=Statistic owner=admin@BasicInternet \
−	policy=read,write,policy,test source="#Send statistics including Walled-Ga\
−	rden hits, Ether1 bytes, hs free internet and number of users\r\
−	\n:global WebProxyTemp\r\
−	\n:global Ether1RXTemp\r\
−	\n:global Ether1TXTemp\r\
−	\n:local temp \"EmptyHost\"\r\
−	\n:local HitStr \"\"\r\
−	\n# print Mikrotik hotspot walled garden entries ( as-value is good for pa\
−	rsing)\r\
−	\n:local WalledGarden [/ip hotspot walled-garden print as-value]\r\
−	\n#Iterate through each line in the walled garden \r\
−	\n:foreach line in=\$WalledGarden do={\r\
−	\n#Iterate through each key=value in each line\r\
−	\n:foreach key,value in=\$line do={\r\
−	\n#Find the destination host key=value\r\
−	\n:if (\$key = \"dst-host\") do={ :set \$temp \"\$value\"}\r\
−	\n#Find the Hits key=value\r\
−	\n:if (\$key = \"hits\") do={ :set HitStr (\$HitStr . \$temp . \"=\" . \$v\
−	alue . \";\")}\r\
−	\n}\r\
−	\n}\r\
−	\n#Get Walledgaren usage in KB through web proxy\r\
−	\n:local ProxyLine [/ip proxy monitor once as-value];\r\
−	\n#Iterate through each line in the filter \r\
−	\n:foreach key2,value2 in=\$ProxyLine do={\r\
−	\n:if (\$key2 = \"received-from-servers\") do={ :set \$hsFreeKB \$value2}\
−	\r\
−	\n}\r\
−	\n#Get the Overall Traffic usage\r\
−	\n:local Ether1RX [/interface get ether1 rx-byte]\r\
−	\n:local Ether1TX [/interface get ether1 tx-byte]\r\
−	\n#Get number of devices connected to hotspot\r\
−	\n:local NrDevices [/ip hotspot host print count-only]\r\
−	\n\r\
−	\n:foreach ENTRY in=[/ip hotspot host find] do={\r\
−	\n/ip hotspot host remove number=\$ENTRY\r\
−	\n}\r\
−	\n# Get system date\r\
−	\n:local date [/system clock get date]\r\
−	\n# Get system Time\r\
−	\n:local time [/system clock get time]\r\
−	\n#Get RouterBoard box identity\r\
−	\n:local identity [/system identity get name]\r\
−	\n# Concatenate all variables to a global variable\r\
−	\n:global Statistic (\$identity . \" \" . \$date . \" \" . \$time . \" \" \
−	. \$HitStr . \"Ether1RXMiB=\" . ( (\$Ether1RX - \$Ether1RXTemp) / 1048576)\
−	\_. \";Ether1TXMiB=\" . ((\$Ether1TX - \$Ether1TXTemp) / 1048576) . \";hsF\
−	reeMiB=\" . ( (\$hsFreeKB - \$WebProxyTemp) / 1024) . \";NrhsDevices=\" . \
−	\$NrDevices)\r\
−	\n#Used to keep track of Counter- beacuse reset-counter doesnot work\r\
−	\n:set \$WebProxyTemp \$hsFreeKB\r\
−	\n:set \$Ether1RXTemp \$Ether1RX\r\
−	\n:set \$Ether1TXTemp \$Ether1TX\r\
−	\n\r\
−	\n#Reset counters then we have daily usage\r\
−	\n/ip hotspot walled-garden reset-counters-all\r\
−	\n#Send walled garden statistics stored in Statistic global variable to re\
−	mote server HTTPS\r\
−	\n/tool fetch mode=https keep-result=no user=\"data@infointernet\" passwor\
−	d=\"b2HmNqB4yrIUaT5KE1OY\" url=\"https://walleddata.basicinternet.org/\" h\
−	ttp-method=post http-data=\"\$Statistic\""
−	/tool mac-server
−	set allowed-interface-list=LAN
−	/tool mac-server mac-winbox
−	set allowed-interface-list=LAN
		+	== Detailed configuration of the LNCC ==
−	* After this you are done with the LNCC configuration	+	{{Large|'''Use the configuration steps on http://Nextcloud.basicinternet.org'''}}, start from https://nextcloud.basicinternet.org/index.php/f/6092 (registration & approval required)

---

Latest revision as of 18:48, 14 October 2022

back to BasicInternet:Solutions, BasicInternet:InfoSpot_configuration

Configuration of LNCC RDB52G

Configuration through WinBox

Connect the device direct to your laptop and then use the WinBox or the used configuring program

• either by connecting to WiFi to the LNCC, use the W01: Mac address
• or connecting to port 2 on the LNCC, use the E02: Mac address (E01: Mac address+1)
• Note: if connecting through cable, ensure that Wifi on our PC is off

If the device doesn't connect or appear within the configuration window then to connect to cable to port 2

• Share Wifi IP configuration from MAC
• If initial "find" from wAP fails, then disconnect Wifi, only connect USB to wAP, and "find"
• If the available network doesn't permit net/wifi sharing then connect the Mikrotikk device direct to a wifi router such RB960PGS
• Reason: for updating the packages, the wAP needs to be connected (through the MAC) with Internet

ERROR handling

Login 192.168.60.1

Wine/Crossover - Winbox

admin (see BasicInternet_Passwords.kbdx)BasicInternet

E02: 74:4D:28:E8:4C:81 is the

W01: .... 86

Check Log file

Error: sstp-tanzania: …. terminating, could not resolve name

Interface = SSTP client 
 Dial out: sstp.basicinternet.org -> maincorerouter.basicinternet.org
 CHANGED sstp = maincorerouter.basicinternet.org  (on Domeneshop)
 % Remote?? connection time-out

IP = Hotspot 

ERROR· no connection to its-wiki.no

Reason: https://yeboo.com is blocked (local raspberry Pi)
 /ip firewall filter add action=drop chain=forward comment="block yeboo https" content=yeboo disabled=no dst-port=443 protocol.tcp

Detailed configuration of the LNCC

Use the configuration steps on http://Nextcloud.basicinternet.org, start from https://nextcloud.basicinternet.org/index.php/f/6092 (registration & approval required)